the role of number theory in modern cryptography - Rivier University

InSight: RIVIER ACADEMIC JOURNAL, VOLUME 8, NUMBER 2, FALL 2012
THE ROLE OF NUMBER THEORY IN MODERN CRYPTOGRAPHY
Robert R. Marceau*
M.S. Program in Computer Science, Rivier College
Keywords: bully children
Abstract
The basic premise of modern cryptography is that the encryption and decryption processes should be
computationally easy when the secret key is known, but very difficult without the key. Very difficult may well mean
that with the current state of computation, it would take longer than the estimated age of the universe. One typical
problem of this class is the factoring of a large composite integer that was generated by the multiplication of two
large prime numbers. The multiplication of integers consisting of hundreds of digits is trivial for a computer. The
factoring of a similar size number is a very difficult problem.
1 Historical Notes
Number theory may be traced back to the Greeks. Diophantus (c. 250) was interested in integer solutions
to various equations. Several other great mathematicians have made contributions to number theory
including Fermat, Gauss, and Euler. [1, page 120] It is only recently that great interest in number theory
has developed due to its application to cryptography.
2 Preliminaries
2.1 Prime
The number , with is called prime if and only if the only positive factors of are and . If
is not prime, it is called composite. [2, page 210] [3, page 109]
2.2 Greatest Common Divisor
Let , not both . The largest such that is called the greatest common divisor of
and . [2, page 215] [1, page 80
2.3 Fundamental Theorem of Arithmetic
Every positive integer greater than can be written uniquely as a prime or the product of two or more
primes where the prime factors are written in order of nondecreasing size. [2, page 211] [4, page 210] [3,
page 110] [1, page 97]
2.4 Infinite number of primes
A proof of this theorem was provided by Euclid. [2, page 212] [4, page 11] This proof illustrates the
classic “proof by contradiction” method.
Copyright © 2012 by Robert R. Marceau. Published by Rivier University, with permission. 1
ISSN 1559-9388 (online version), ISSN 1559-9396 (CD-ROM version).

Robert R. Marceau
Assume the contrary, that there is only a finite number of primes, n. These prime numbers may be
listed as . Consider the number . This number yields a remainder of when
it is divided by any prime. We have just produced a number that is not divisible by any prime on
our list. This contradiction leads us to the conclusion that our initial assumption is false and that
there are in fact an infinite number of primes.
An alternative direct proof is found in [1, pages 66–67]:
Consider the value . This value is not divisible by any integer from to . By the
Fundamental Theorem of Arithmetic, it must be either prime or divisible by a prime. Either way, it
has a prime factor , which must be greater than . Since we have found a prime greater than n, for
every positive integer , there must be infinitely many primes.
2.5 Pseudo-prime to the base b
Let , composite. If then is called a pseudo-prime to the base . [2, page
240] [5, pages 95–97] [4, page 36]
2.6 Carmichael Number
If a composite integer is a pseudo-prime such that then is called a Carmichael
number. [2, page 240] [4, page 37] [1, page 207–208]
2.7 Inverse modulo m
If are relatively prime, then such that . (If two integers , and
have no common divisors, then there is a unique integer such that times has a remainder of 1 when
divided by ). [2, page 234][4, page 24] [1, pages 140, 200]
2.8 Euler’s Totient ϕ function
The Totient function is defined as the number of positive integers less than or equal to n that are
relatively prime to . Two numbers and are said to be relatively prime to each other if and only if the
Greatest Common Divisor of and is . [3, page 104] [4, page 30] [5, page 129–131]
2.9 Multiplicative function
If a function defined for all positive integers is called multiplicative if
whenever and are relatively prime. [1, page 222]
2.10 Mersenne Numbers
A Mersenne Number, is defined as where is a non-negative integer. [5, pages 51–53]
2

THE ROLE OF NUMBER THEORY IN MODERN CRYPTOGRAPHY
3 Totient Function ϕ(n)
If is a prime, then . All of the numbers from through are relatively prime to . There
are of these numbers. It should be noted that the converse is also true: If there are numbers
relatively prime to that are less than , then must be prime. Otherwise, would have a factor greater
than and less than . [3, page 104] [4, page 30] [5, page 129–131]
The Totient function is a Multiplicative function. If n and m are relatively prime, then
. [1, page 224] It is these two properties of the Totient function that make the
calculation of the Totient function computationally equivalent to factoring a number. If and are two
large prime numbers, factoring is prohibitly expensive.
4 Mersenne Numbers
If is a Mersenne Number, and n is composite, then is also composite. [5, page 52] Consider
, where and are positive integers. Then we have:
If divides , then divides . The converse, however, is not true. Consider the Mersenne number
. The number is prime, however, .
5 Prime Testing
5.1 Fermat’s Little Theorem
If p is a prime and a is a positive integer where p does not divide a (since p is a prime, this is the same as
the condition that a and p have no common factors greater than 1) then . [3, pages 128,
135, 190] [1, pages 199–201]
Fermat’s Little Theorem may be used to prove a given number is composite. Unfortunately, the
converse is not true. A counter example is provided by the number 341. We have 2 340 ≡ 1 (mod 341), but
341 = 11・31 is clearly composite.
For any chosen base, there are Pseudo-primes to that base. It has been proved that there exists an infinite
number of Pseudo-primes. [1, page 206]
5.2 Euler’s Theorem
If m is a positive integer and a is an integer that is relatively prime to m, then
. It
should be noted that this is a generalization of Fermat’s Little theorem, replacing the restriction that the
modulus be prime with the condition that a and m have no common factors greater than 1. This is true
since 1 for all prime numbers p. [5, pages 25–26] [1, page 217]
3

Robert R. Marceau
5.3 Lucas-Lehmer Test
The Lucas-Lehmer Test may be used to determine if a Mersenne number is prime or composite. [5,
pages 146-149] [3, page 193] [1, page 243] A sequence of positive integers is defined recursively as:
Let p be a prime number. The Mersenne number is prime if and only if .
5.4 Miller Test
As seen by Fermat’s Little theorem,
is sufficient to demonstrate that the number p is
not prime. The pseudo-prime numbers (and the Carmichael numbers in particular) demonstrate that it
does not lead to a test for primeness. The Miller Test will eliminate some additional composite number
from consideration, but, like Fermat’s Little Theorem, it can only prove some numbers are composite.
The test proceeds as follows (given an odd number and a base , where ): [5, pages
100–102] [1, pages 209–210]
1. Divide n−1 by 2 until an odd factor, q is found. We now have .
2. Set i = 0 and .
3. If i = 0 and r = 1 terminate the test with an inconclusive result.
4. If i ≥ 0 and r = n − 1 terminate the test with an inconclusive result.
5. Increase i by 1 and set
6. If i < k proceed to step 4, otherwise, n is composite.
6 Diffie–Hellman
As strange as it may seem, it is possible for two individuals to decide on a secret number by only
exchanging public messages. Using the typical Bob and Alice cryptography character names, the
procedure works as follows: [4, pages 50–51] [3, pages 270–271] [1, pages 299–300] [6, pages 188–
190]
Alice and Bob first agree on a large prime and an integer with such that the order
of is sufficiently high. The order of is defined as the smallest integer such that
. It should be noted that for all a has a unique inverse, . The
values and are publicly known. Alice also chooses a random positive integer and
calculates
. The value A is transmitted to Bob (over the insecure channel), while the
exponent a is kept secret. Bob chooses a random positive integer
and
calculates
, which is then transmitted to Alice.
Both Alice and Bob are able to now calculate the common key K. Alice, knowing a in addition to
and calculates , which is equal to . In a similar manner, Bob calculates ,
which is also equal to . (The multiplication of the exponents and is commutative).
The selection of deserves further discussion. If is a primitive root mod p, then it has an order of
. For a given prime, , there are primitive roots mod [6, page 66]. Finding one of these
4

THE ROLE OF NUMBER THEORY IN MODERN CRYPTOGRAPHY
primitive roots is computationally equivalent to factoring the integer . Give the size of ,
factoring is in general intractable. However, if p is chosen such that is also prime, say ,
we can use an efficient method to test whether a randomly chosen g is a primitive root. (We have chosen
such that we know the prime factorization of ).
The number of primitive roots mod is , but since , we can calculate
. Roughly half of the values between and are
primitive roots. A randomly chosen can be quickly tested by calculating and . If both
of these values are not equal to 1, then g is a primitive root mod p.
7 RSA
Two large prime numbers p and q are chosen and kept secret. The product is calculated and
another small integer which is relatively prime to is chosen. is easy to calculate if and are
known, since . The pair of numbers ( ) is the public key. Two
functions are defined:
The function is used to encrypt the message (which has been broken into a sequence of numbers ,
with ). The number is the inverse of . We know such an inverse exists since
and are relatively prime. The extended Euclidean algorithm may be used to easily calculate ,
provided and are known. The public key is the pair ( ) which may be used by anyone to encrypt
a message. The private key is the pair ( ), which is required to decrypt a message. Combining results,
we have:
However, is the inverse of modulo . It can further be shown that and
. At this point, we have divides . Since , we finally have .
[5, pages 163–171]
Calculating knowing only and ( ) is computationally equivalent to factoring . It may also
be viewed as the discrete logarithm problem. That is determine the value such that . [3,
page 205] [1, pages 332–333] [6, pages 186–187, 213–214]
8 Exponentiation mod n
There is a very efficient method to calculate . It is reminiscent of Horner’s rule to evaluate a
polynomial for a particular value of . [6, page 46] [4, pages 34–35] The procedure is as follows:
The exponent is expressed in binary, where each is chosen such that . (Each
is a binary digit for the binary expansion of , being the least significant bit. Here is the number
of bits required to represent in binary). The following equations illustrate how may be calculated:
5

Robert R. Marceau
The following pseudo-code demonstrates how this may be done:
int power(int base, int exponent)
{
int result = 1;
while (e > 0) {
if (exponent & 1)
result = result * base;
base = base * base;
exponent = exponent / 2;
}
return result;
}
The process only requires multiplications and divisions, plus another multiplications, where is the
number of one bits in the binary expansion of the exponent. For cryptographic purposes, the result and
base would be reduced modulus after each iteration. The running time for the procedure above to
calculate is . This is a substantial improvement over the naïve approach which has a running
time of .
9 Conclusion
As seen in the sections describing Diffie–Hellman key exchanges and the RSA encryption algorithm, the
ability to find large (200 decimal digits) prime numbers is of critical importance. Methods to perform
modular arithmetic, in particular raising a number to a very large power are also necessary. The security
relies upon the fact that calculating the Totient function for a large number is equivalent to finding the
prime factorization of the number. In the applications discussed above, two large primes are multiplied
to give a number n for which calculating the Totient function is very difficult.
References
[1] Kenneth H. Rosen. Elementary Number Theory and Its Applications (4 th Edition). Addison Wesley, 2000.
[2] Kenneth Rosen. Discrete Mathematics and Its Applications. McGraw-Hill Science/Engineering/Math, 2006.
[3] James A. Anderson and James M. Bell. Number Theory with Applications. Prentice Hall, 1997.
6

THE ROLE OF NUMBER THEORY IN MODERN CRYPTOGRAPHY
[4] William Stein. Elementary Number Theory: Primes, Congruences, and Secrets: A Computational Approach
(Undergraduate Texts in Mathematics). Springer, 2008.
[5] S.C. Coutinho. The Mathematics of Ciphers: Number Theory and RSA Cryptography. A K Peters/CRC Press,
1999.
[6] Johannes Buchmann. Introduction to Cryptography (Undergraduate Texts in Mathematics). Springer, 2004.
[7] John Stillwell. Elements of Number Theory. Springer, 2002.
[8] Underwood Dudley. Elementary Number Theory: Second Edition. Dover Publications, 2008.
[9] William J. LeVeque. Fundamentals of Number Theory. Dover Publications, 1996.
[10] G. Everest and Thomas Ward. An Introduction to Number Theory (Graduate Texts in Mathematics).
Springer, 2005.
[11] Gareth A. Jones and Josephine M. Jones. Elementary Number Theory. Springer, 1998.
[12] Ronald S. Irving. Integers, Polynomials, and Rings: A Course in Algebra (Undergraduate Texts in
Mathematics). Springer, 2003.
___________________
* ROBERT MARCEAU wrote his first computer program in October, 1969 on a DEC PDP-8/I running TSS/8. Since that
time, he has earned a B.S. and M.S. in Mathematics from the University of Massachusetts - Lowell and is currently
enrolled in the Computer Science Ph.D. program there. He is also expecting to complete his M.S. in Computer Science at
Rivier University in spring 2013. He has spent over thirty years in the software industry and is currently an Adjunct
Faculty member at Nashua Community College teaching a variety of Mathematics and Computer Science courses.
7